<?php
/*****
 login.php:
 This file contains a simple front end login script.

 author: jez hancock
 support: http://forums.munk.nu/forumdisplay.php?fid=1
 date:		$Date: 2003/03/21 01:15:05 $
 version:	$Id: login.php,v 1.3 2003/03/21 01:15:05 root Exp root $
 *****/
include_once("config.php");

// Check user not logged in already:
checkLoggedIn("no");

// Page title:
$title="Авторизация";

// if $submit variable set, login info submitted:
if($_POST["submit"]) {
	//
	// Check fields were filled in
	//
	// login must be between 4 and 15 chars containing alphanumeric chars only:
	field_validator("login name", $_POST["login"], "alphanumeric", 4, 15);
	// password must be between 4 and 15 chars - any characters can be used:
	field_validator("password", $_POST["password"], "string", 4, 15);

	// if there are $messages, errors were found in validating form data
	// show the index page (where the messages will be displayed):
	if($messages){
		doIndex();
		// note we have to explicity 'exit' from the script, otherwise
		// the lines below will be processed:
		exit;
	}

	// OK if we got this far the form field data was of the right format;
	// now check the user/pass pair match those stored in the db:
	/*
	 If checkPass() is successful (ie the login and password are ok),
	 then $row contains an array of data containing the login name and
	 password of the user.
	 If checkPass() is unsuccessful however, $row will simply contain
	 the value 'false' - and so in that case an error message is
	 stored in the $messages array which will be displayed to the user.
	 */
	if( !($row = checkPass($_POST["login"], $_POST["password"])) ) {
		// login/passwd string not correct, create an error message:
		$messages[]="Неверный логин или пароль. Попробуйте снова.";
	}

	/*
	 If there are error $messages, errors were found in validating form data above.
	 Call the 'doIndex()' function (which displays the login form) and exit.
	 */
	if($messages){
		doIndex();
		exit;
	}

	/*
	 If we got to this point, there were no errors - start a session using the info
	 returned from the db:
	 */
	cleanMemberSession($row[login], $row[password]);

	// and finally forward user to members page (populating the session id in the URL):
	header("Location: profile.php?".session_name()."=".session_id());
} else {
	// The login form wasn't filled out yet, display the login form for the user to fill in:
	doIndex();
}

/*
 This function displays the default 'index' page for this script.  This consists of just a simple
 login form for the user to submit their username and password.
 */
function doIndex() {
	/*
	 Import the global $messages array.
	 If any errors were detected above, they will be stored in the $messages array:
	 */
	global $messages;

	/*
	 also import the $title for the page - note you can normally just declare all globals on one line
	 - ie:
	 global $messages, $title;
	 */
	global $title;

	// drop out of PHP mode to display the plain HTML:
	?>
<html>
<head>
<title><?=$title?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
	<?php doCSS()?>
<body>
	<?php
	// if there are any messages stored in the $messages array, call the displayErrors
	// function to output them to the browser:
	if($messages) { displayErrors($messages); }

	/*
	 PHP_SELF:
	 The $_SERVER superglobals variable $PHP_SELF is one of the most useful predefined variables in PHP.
	 It contains the URI (uniform resource indicator) of the current script.
	 For example if this script is at http://example.com/somedir/join.php, then $_SERVER["PHP_SELF"] will contain:
	 /somedir/join.php

	 This is very useful because it means if you change the name of the script, you don't have to change every reference
	 to the script in <form> tags - $_SERVER["PHP_SELF"] automatically includes the current script URI!
	 */
	?>
<form action="<?=$_SERVER["PHP_SELF"]?>" method="POST">
<table>
	<tr>
		<td colspan=2 class=up>Авторизация</td>
	</tr>
	<tr class='n'>
		<td width=70>Логин</td>
		<td><input type="text" name="login"
			value="<?php print $_POST["login"] ?>" maxlength="15"></td>
	</tr>
	<tr class='n'>
		<td>Пароль</td>
		<td><input type="password" name="password" value="" maxlength="15"></td>
	</tr>
	<tr>
		<td colspan=2 class='bot'><input name="submit" type="submit"
			value="Войти"> или <a href="join.php">зарегистрироваться</a></td>
	</tr>
</table>
</form>
</body>
</html>
	<?php
}
?>
